Abstract

In quantum information, the role of entanglement and disentanglement
is itself a subject of research and debate. Earlier works on quantum
cryptography have almost established that entanglement has no special
advantage in quantum cryptography. In this paper we reveal that
entanglement is a better ingredient than disentanglement for our
alternative quantum cryptography.

In quantum information, there are some tasks which can be accomplished
only by entanglement, such as dense coding [1] and teleportation [2].
But there are some other tasks which can be realized both by
entanglement and disentanglement. Quantum computation algorithm [3] and
quantum cryptography [3-5] are two major applications of both
entanglement and disentanglement.

Between entanglement and disentanglement, which one is the better
ingredient in quantum computation and quantum cryptography? This
question is not yet settled in quantum computation; however,
entanglement enjoys some favoritism from the researchers in this field.
In quantum cryptography this question is believed to have been settled.
In his entanglement-based quantum key distribution protocol [5], Ekert
pointed out that quantum encryption can be executed after the
transmission of the quantum state. This seemed to be advantageous to
ensure the security of the key. Bennett, Brassard and Mermin [6]
comparatively studied Ekert's entanglement-based and Bennett-Brassard's
disentanglement-based quantum key distribution (QKD) protocols. They
concluded that, so far as security is concerned, the operational
advantage of Ekert's protocol is apparent. Since then, many quantum
cryptographic protocols have been proposed and both types of
cryptosystems have been extensively studied. But neither of the two
types of systems can stake a claim to superiority.

In their comparative study [6], Bennett et al. made another important
observation. They found that entanglement-based and
disentanglement-based cryptosystems are indistinguishable. That is,
which type is being used cannot be distinguished by others. If the
sender uses an entangled state but dishonestly tells the receiver that
he used a disentangled state for the encryption, then the receiver
cannot verify the veracity of the sender's statement either. In that
sense, the two cryptosystems are indistinguishable. It has recently been
understood that the conventional quantum bit commitment protocol (a
cryptographic application) completely fails [7,8] because of this
indistinguishability of the two systems. Therefore, Bennett et al.'s
work has become helpful to examine other cryptographic tasks. Their work
was based on conventional cryptography. Recently, alternative
disentanglement-based and entanglement-based cryptographic protocols
have been proposed [9,10]. Many conclusions drawn from conventional
quantum cryptography do not hold good in alternative quantum
cryptography. So a fresh comparative study is necessary.

The alternative disentanglement-based cryptosystem [9] uses a mixed
quantum state to encode a bit value, but the alternative
entanglement-based system [10] uses many pure entangled states for the
same purpose. Despite this dissimilarity, they have many similarities.
Both can operate entirely on a quantum channel and can provide quantum
authentication. In both systems, the key can carry meaningful
information. Secure bit commitment encoding [11] and secure quantum coin
tossing [11] are possible for both systems.

Yet the two systems are not well understood. We have seen that a
classical channel cannot be used in the disentanglement-based system
when each individual bit is separately made secure, but we do not know
whether the same is true for our entanglement-based system. We also do
not know whether conventional cryptography or its prototype can be
recovered from these alternative systems or not. Here we shall see that
on these two questions the two cryptosystems differ.

First, we shall present a modified (alternative) entanglement-based
QKD protocol in which a classical channel can be used when each bit is
separately made secure, and a prototype of the conventional QKD protocol
can be recovered from this protocol. This kind of modification is not
possible for our disentanglement-based system. This will imply that our
entanglement-based system can be made much faster than our
disentanglement-based system.

Suppose a source emits pairs of spin-1/2 particles in their singlet
state. Two users, Alice and Bob, get one particle from each pair. Alice
and Bob secretly share the information of two sequences of measurements.
Suppose the two sequences of directions of spin measurements are:

$S_0 = \{x, x, y, y, x, y, y, y, x, x, y, x, \ldots\}$,

$S_1 = \{y, x, x, x, y, x, y, y, y, x, x, \ldots\}$,

where 0 and 1 in the subscripts stand for bit values and "x" and "y" are
two orthogonal directions of measurements.

Let us assume they jointly decide the bit values. The bit values can
be decided when both of them use the same sequence of measurements. To
produce a key, both use $S_0$ and $S_1$ at random on their own sequences
of EPR particles. When both use $S_0$ or both use $S_1$, the
corresponding results will be perfectly correlated. But if one uses
$S_0$ and the other $S_1$, or vice versa, the results will not be
perfectly correlated. So 50% of the bit value choices are discarded. The
remaining 50% of the bits form the key. We shall first assume they
reveal results through a classical public channel.

Their measurements yield the two sequences of data sets:

$\{R_1^A, R_2^A, R_3^A, R_4^A, R_5^A, R_6^A, R_7^A, R_8^A, \ldots\}$,

$\{R_1^B, R_2^B, R_3^B, R_4^B, R_5^B, R_6^B, R_7^B, R_8^B, \ldots\}$.

The first one is Alice's sequence and the second one is Bob's. Half of
their data sets contain perfectly correlated data.

The eavesdropper's problem is to know the secret code of measurements.
For simplicity, let us think they want to produce a single bit and only
Bob's particles are exposed to Eve. Eve can directly or indirectly
measure using her own sequence of measurements. She gets a set of data
from her measurements and taps Alice's set of data when Alice reveals
the results. But these two sets of data will reveal neither any bit
information nor complete information about Alice's choice of
measurements. Now it is Eve's turn to reveal the results. Alice's and
Eve's results cannot be perfectly correlated. But this can be
interpreted by Alice as a case of non-identical choice of bit values.
Note that in $S_0$ and $S_1$ there is a common subsequence $S_c$. So if
Alice does not get perfect correlation, she can check the data
corresponding to $S_c$. Irrespective of the choice of sequences of
measurements, the data corresponding to $S_c$ will always be perfectly
correlated. This second test will expose eavesdropping. Still, it is not
the last nail for eavesdropping.
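
The two correlation tests described above, as an added example that is not code from the paper: a classical toy simulation of the singlet statistics (equal directions give equal bits, orthogonal directions give independent bits). It assumes the first 11 settings of each sequence as read from the listing, models Eve as measuring Bob's particles with her own random sequence and resending them, and uses hypothetical function names.

```python
import random

# Settings as read from the page's listing (first 11 of each; an assumption
# where the scan is garbled). S_c = positions where S_0 and S_1 agree.
S0 = list("xxyyxyyyxxy")
S1 = list("yxxxyxyyyxx")
SC = [i for i, (a, b) in enumerate(zip(S0, S1)) if a == b]

def measure_pairs(alice_seq, bob_seq, rng, eve_seq=None):
    """Toy singlet model: equal directions give equal bits (Bob's sign flipped
    so anti-correlation reads as equality), orthogonal directions give
    independent bits. Eve, if present, measures Bob's particle and resends it."""
    alice, bob = [], []
    for i, (a_dir, b_dir) in enumerate(zip(alice_seq, bob_seq)):
        a = rng.randint(0, 1)
        state_dir, state_val = a_dir, a      # Bob's particle after Alice measures
        if eve_seq is not None:
            e_dir = eve_seq[i]
            e = state_val if e_dir == state_dir else rng.randint(0, 1)
            state_dir, state_val = e_dir, e  # particle now carries Eve's outcome
        b = state_val if b_dir == state_dir else rng.randint(0, 1)
        alice.append(a)
        bob.append(b)
    return alice, bob

def classify(alice, bob):
    """First test: full correlation. Second test: correlation on S_c only."""
    if alice == bob:
        return "same-bit"
    if all(alice[i] == bob[i] for i in SC):
        return "different-bit"       # rejected bit, but channel looks clean
    return "eavesdropping"

def run_trials(n, eve=False, seed=1):
    rng = random.Random(seed)
    counts = {"same-bit": 0, "different-bit": 0, "eavesdropping": 0}
    for _ in range(n):
        a_seq, b_seq = rng.choice([S0, S1]), rng.choice([S0, S1])
        eve_seq = [rng.choice("xy") for _ in S0] if eve else None
        alice, bob = measure_pairs(a_seq, b_seq, rng, eve_seq)
        counts[classify(alice, bob)] += 1
    return counts

if __name__ == "__main__":
    print("no Eve:  ", run_trials(2000))
    print("with Eve:", run_trials(2000, eve=True))
```

With only four positions in $S_c$, this toy Eve passes the second test in about $(3/4)^4 \approx 32\%$ of runs, so the detection probability per bit depends directly on how long the common subsequence is.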

The data are not secure because the public channel is not an
authenticated channel. Eve can impersonate. After Alice's disclosure of
data, Eve, impersonating Bob, can reveal "fake data" correlating with
Alice's data. She can do the same thing with Bob's data, impersonating
Alice. Note that this attack works only for "fake correlation". That is,
this attack will work when the users choose the same bit value. But they
also choose different bit values in 50% of cases. In those cases, the
data are not perfectly correlated; only the data corresponding to $S_c$
are perfectly correlated. So if they initially do not get perfect
correlation between their data sets, they will get perfect correlation
in the subsets. As $S_c$ is hidden in $S_0$ and $S_1$, Eve could not
generate "fake correlation" in the data corresponding to the subset
$S_c$. Therefore Eve can only impersonate to select the bits, not to
reject the bits. Eve can leave the task of rejecting the bits to the
legitimate users. It seems that the system fails.

There is a rescue. The "fake correlation" attack works because both of
them reveal all the data of the same events. The "fake correlation"
cannot be produced if they do not reveal any data. But the data has to
be revealed if the system is to run. If they do not reveal all the
results of the same events, the system can still work but the "fake
correlation" attack cannot. For clarity, suppose they divide the results
of each set into two subsets. Alice's subsets are and and Bob's
corresponding subsets are: rf and r^. They reveal the data of
non-identical sets, that is, either and or and . Because the data of two
correlated subsets are not revealed, the "fake correlation" attack will
not work.

To create many bits, the strategy discussed above has to be used
repeatedly to ensure bit-by-bit security. If any bit is found corrupted,
the next bit will not be produced. If eavesdropping is detected, they
must reject $S_0$ and $S_1$ and may try with another two preselected
sequences of measurements.

Is it possible to recover existing quantum cryptography from
alternative quantum cryptography and vice versa? Let us see the basic
difference between the conventional and alternative systems. In
conventional quantum cryptography, a pure state or a pure entangled
state represents a classical bit or bits. On the other hand, in
alternative quantum cryptography, many states represent a classical bit.
The bits of the conventional cryptosystem do not carry meaningful
information, but they carry meaningful information in the alternative
cryptosystem. Therefore recovery of the alternative system from the
conventional system is not possible. But if we can produce pure-state
bits (which do not carry any meaningful information) from the
alternative system, then at least recovery of a prototype of the
conventional system, if not the same system, will be possible. We have
two options: recovery of the conventional entanglement-based system from
the alternative entanglement-based system, and of the conventional
disentanglement-based system from the alternative disentanglement-based
system. Next we shall see that the former can be easily realized.

We have seen that when both of them use $S_0$ or $S_1$, the data are
perfectly correlated. These two sets of data can make a key provided
they are not revealed. Suppose Alice divides the results into three
subsets r^, and r^. Taking the results of the same instances (which
events will be chosen to construct the three subsets is not secret), Bob
prepares his three subsets rf , rf and . Alice reveals and Bob or Alice
reveals and Bob r^. Both go through the correlation test. If correlation
is found, they know their chosen bit value and, side by side, they know
the undisclosed subsets and contain perfectly correlated data. To
construct r^, it is better to use the data corresponding to $S_c$ so
that they always get perfectly correlated data even when they use
non-identical sequences of measurements. Continuing the process, two
different kinds of keys (fast and slow keys) can be produced. The former
does not exist even in the mind of the users and the latter can exist in
the mind of the users. If they want to produce only the former type,
they can share only a single sequence of measurements instead of the
two.

The recovery of conventional entanglement-based system from
alternative entanglement-based system is not possible. The reason is
that a sequence of single-photon polarized states produces a sequence of
results. These results can represent a bit value. But if these results
are revealed, they cannot be secure.

Why do these systems differ on the above two issues? From a sequence
of two-particle entangled states Alice and Bob can get correlated random
bits. Some of the correlated data are used for authentication via the
public channel, and the rest of the correlated data can itself make a
fast key (which is a recovery of a prototype of the conventional QKD
protocol). Measurements on a sequence of disentangled states never
produce correlated data. Therefore, entanglement is a necessary
condition to have the above-mentioned two utilities. As we get a fast
key from the entanglement-based system, entanglement is a better secure
number generator than disentanglement in our case.

Throughout our discussion we relied on bit-by-bit security. If we do
not want bit-by-bit security but want security of many (meaningful) bits
at a time, then such security needs to be proved. In that scenario there
may be a possibility of using an authenticated classical channel
(authentication by some additional shared classical bits) in our
disentanglement-based system. In that eventuality, we can say the use of
a classical channel and bit-by-bit security are mutually exclusive in
our disentanglement-based system.